WePresent file_transfer.cgi Remote Command Execution
Critical Nessus Plugin ID 124367
SynopsisThe remote router is affected by a remote command execution vulnerability.
DescriptionThe remote device is affected by a remote command execution vulnerability due to improper sanitization of user-supplied input passed via /cgi-bin/file_transfer.cgi. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to execute arbitrary commands on the device.
Note that Nessus has detected this vulnerability by reading the contents of file /proc/cpuinfo.
SolutionContact the manufacturer for a firmware update.